Mozilla Data Breach

A partial database of Mozilla's addons.mozilla.org user accounts were inadvertently left on a publicly accessible server.

A researcher made Mozilla was made aware of this issue via their web bounty program on December 17th and since that time Mozilla has removed the information and yesterday, on December 27th, 2010, contacted those users who were effected.

"We were able to account for every download of the database", Mozilla said in their post. "This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure."

Mozilla also noted that current addons.mozilla.org users and accounts are not at risk and this incident didn't impact any of Mozilla’s infrastructure.

Mozilla added Microsoft's .NET Framework Assistant to its add-ons blocklist over the weekend. The blocklist blocks programs with evident security vulnerabilities. Before the weekend was over, the app was stricken from the list again.